[ZDNet] iPhone executes SMS binary code as root

07-03-09 #1 SonicJoe

Quote:
A security flaw has been discovered in the iPhone OS that could allow attackers to gain root access to the iPhone OS and allow them to install and execute malicious programs at will.

Charlie Miller announced the discovery of the vulnerability during a presentation at the SyScan conference in Singapore on Thursday. DailyTech explains:


The iPhone apparently automatically executes binary code sent in SMS messages. Messages are limited to 140 bytes, but this is little deterrence as longer programs can be broken up into several messages, which the phone automatically reassembles. While other applications such as the Safari browser on the phone only enjoy access to their sandbox, the SMS system is automatically granted root access, and SMS commands execute as root.

Miller wouldn’t provide specific details nor would he demonstrate the vulnerability stating that he has entered under an agreement with Apple. He’d only say, “SMS is a great vector to attack the iPhone.”
I can't believe no one else posted this...

Source
07-03-09 #2 oregonducks45

Also of note: Apple is supposed to be releasing a patch this month that fixes this.

07-03-09 #3 Licht

This is a massive security risk... I wonder if any major exploits will be born in time.

07-03-09 #4 oregonducks45

Quote:
Originally Posted by Licht
This is a massive security risk... I wonder if any major exploits will be born in time.

Doubtful, because my guess is that this has been in since the first iPhone OS, unless it has to do with MMS, so after 2 years it was just discovered. I don't think there will be an exploit in under a month.

07-03-09 #5 gex80

Quote:
Originally Posted by oregonducks45
Doubtful, because my guess is that this has been in since the first iPhone OS, unless it has to do with MMS, so after 2 years it was just discovered. I don't think there will be an exploit in under a month.

What makes you think it doesn't have to do with OS 3?

Seems like Apple has been falling off the ball with their security and OSes lately.
07-03-09 #6 R@ZOR

JB through SMS :P Apparently it's being fixed in 3.1, which should come out within a month.

07-03-09 #7 oregonducks45

Quote:
Originally Posted by gex80
What makes you think it doesn't have to do with OS 3?

Seems like Apple has been falling off the ball with their security and OSes lately.

Well, the only thing they changed in regards to messaging, I believe, is the addition of MMS, which could be the cause, as I said.

07-03-09 #8 SyncMaster753

If you get a text from someone you don't know and the preview is all 0/1's, don't open it, lol, problem solved.
07-03-09 #9 SonicJoe

Quote:
Originally Posted by SyncMaster753
If you get a text from someone you don't know and the preview is all 0/1's, don't open it, lol, problem solved.

You may be right, but the article implies you don't even have to open them; they just need to be received and the phone will execute.

I know it's being fixed in a month, but that seems to be a pretty big oversight, and being fixed how? We'll have to keep an eye out. The security issue is actually two problems: 1) the auto-execute of binary code; and 2) SMS running as root. If they only fix one or the other, there still may be other ways to infiltrate.
07-04-09 #10 Brutuz

Apple: "Our computers are more secure than your PC"
Microsoft: "Our phones don't have gigantic security holes in them"